Method and System for Controlling Access to Semantic Web Statements

1. A method of controlling access to semantic web statements, comprising the steps of: providing a set of semantic web statements in a defined format, and storing said set of statements in one or more first tables, the first tables including at least one subject, at least one object, at least one URI (Uniform Resource Identifier) within the first tables; constructing a set of access control lists in said defined format, and storing said set of lists in one or more second tables wherein said access control lists are linked to reified web statements; connecting the second tables to the first tables via a set of third tables storing the uniform resource identifier, wherein the first tables, the second tables and the third tables are connected through the URI, the URI for performing mandatory reification of said semantic web statements, said mandatory reification expressing in said third tables characteristic connections between the subject in the first tables and the object in the first tables, said characteristic connections represented by sentences; using the second tables to enforce access rules to said semantic web statements; filtering out semantic web statements that a user does not have permission to read according to said access control lists, wherein the filtering is performed by adding a condition to each relational query sent to a relational database; and returning errors when users attempt to make changes to said semantic web statements that said users do not have permission to change according to said access control lists, using a pre-existing storage subsystem implementing a query mechanism for any one of querying, inserting, updating or deletion of said semantic web statements, wherein the step of using said second tables includes a step of extending said query mechanism to use said access control lists to filter out statements from queries that a user has no privilege to read, wherein a program causes a computer system to perform said providing, said constructing, said connecting, said using the second tables, said filtering, said returning, and said using the pre-existing storage subsystem.

2. The method according to claim 1 , wherein the extending step includes the step of adding a condition to each query from a current user to the database that specifies to include statements in query results only if said current user has a read access in an associated access control list.

3. A computer-implemented system for controlling access to semantic web statements, said system comprising: a computer-implemented means for providing a set of semantic web statements in a defined format, and storing said set of statements in one or more first tables, the first tables including at least one subject, at least one object, at least one URI (Uniform Resource Identifier) within the first tables; a computer-implemented means for constructing a set of access control lists in said defined format, and storing said set of lists in one or more second tables wherein said access control lists are linked to reified web statements; a computer-implemented means for connecting the second tables to the first tables via a set of third tables storing the uniform resource identifier, wherein the first tables, the second tables and the third tables are connected through the URI, the URI for performing mandatory reification of said semantic web statements, said mandatory reification expressing in said third tables characteristic connections between the subject in the first tables and the object in the first tables, said characteristic connections represented by sentences; a computer-implemented means for using the second tables to enforce access rules to said semantic web statements; a computer-implemented means for filtering out semantic web statements that a user does not have permission to read according to said access control lists, wherein the filtering is performed by adding a condition to each relational query sent to a relational database; a computer-implemented means for returning errors when users attempt to make changes to said semantic web statements that said users do not have permission to change according to said access control lists; a pre-existing storage subsystem implementing a query mechanism for any one of querying, inserting, updating or deleting of said semantic web statements, wherein the computer-implemented means for using said second tables includes a computer-implemented means for extending said query mechanism to use said access control lists to filter out statements from queries that a user has no privilege to read.

4. The computer-implemented system according to claim 3 , wherein the computer-implemented means for extending includes a computer-implemented means for adding a condition to each query from a current user to the database that specifies to include statements in query results only if said current user has a read access in an associated access control list.

5. A computer program product for controlling access to semantic web statements, the computer program product comprising a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising: providing a set of semantic web statements in a defined format, and storing said set of statements in one or more first tables, the first tables including at least one subject, at least one object, at least one URI (Uniform Resource Identifier) within the first table; constructing a set of access control lists in said defined format, and storing said set of lists in one or more second tables wherein said access control lists are linked to reified web statements; connecting the second tables to the first tables via a set of third tables storing the uniform resource identifier, wherein the first tables, the second tables and the third tables are connected through the URI, the URI for performing mandatory reification of said semantic web statements, said mandatory reification expressing in said third tables characteristic connections between the subject in the first tables and the object in the first tables, said characteristic connections represented by sentences; using the second tables to enforce access rules to said semantic web statements; filtering out semantic web statements that a user does not have permission to read according to said access control lists, wherein the filtering is performed by adding a condition to each relational query sent to a relational database; and returning errors when users attempt to make changes to said semantic web statements that said users do not have permission to change according to said access control lists, using a pre-existing storage subsystem implementing a query mechanism for any one of querying, inserting, updating or deletion of said semantic web statements, wherein the step of using said second tables includes a step of extending said query mechanism to use said access control lists to filter out statements from queries that a user has no privilege to read, wherein a program causes a computer system to perform said providing, said constructing, said connecting, said using the second tables, said filtering, said returning, and said using the pre-existing storage subsystem.

6. The computer program product according to claim 5 , wherein the extending step includes a step of adding a condition to each query from a current user to the database that specifies to include statements in query results only if said current user has a read access in an associated access control list.